.NET Framework April 2022 Security and Quality Rollup Updates

Salini Agarwal

We are releasing the April 2022 Security and Quality Rollup Updates for .NET Framework.

Security

CVE-2022-26832 – .NET Framework Denial of Service

This security update addresses an issue where an unauthenticated attacker could cause a denial of service on an affected system.

Quality and Reliability

This release contains the following quality and reliability improvements.

NET Libraries
  • Addresses an issue when Ssl negotiation can hang indefinitely when client certificates are used when TLS 1.3 is negotiated. Before the change renegotiation (PostHandshakeAuthentiction) would fail and SslStream or HttpWebRequest would observe a timeout.
Winforms
  • Addresses a leak of IRawElementProviderSimple objects which was introduced in .NET Framework 4.8. This is an opt-in fix, add the following compatibility switch to the app.config file in order to dispose the accessible objects:
        <runtime>
            <!-- AppContextSwitchOverrides values are in the form of 'key1=true|false;key2=true|false  -->
            <AppContextSwitchOverrides value="Switch.System.Windows.Forms.DisconnectUiaProvidersOnWmDestroy=true"/>
        </runtime>

Note: that when the accessibility server application opts into this fix, the accessibility client will receive errors when accessing the disconnected provider. This is expected because the corresponding control window is destroyed. Previous behavior where the provider was returning information for destroyed controls was incorrect.

Getting the Update

The Security and Quality Rollup is available via Windows Update, Windows Server Update Services, and Microsoft Update Catalog. The Security Only Update is available via Windows Server Update Services and Microsoft Update Catalog.

Microsoft Update Catalog

You can get the update via the Microsoft Update Catalog. For Windows 10, NET Framework 4.8 updates are available via Windows Update, Windows Server Update Services, Microsoft Update Catalog. Updates for other versions of .NET Framework are part of the Windows 10 Monthly Cumulative Update.

Note: Customers that rely on Windows Update and Windows Server Update Services will automatically receive the .NET Framework version-specific updates. Advanced system administrators can also take use of the below direct Microsoft Update Catalog download links to .NET Framework-specific updates. Before applying these updates, please ensure that you carefully review the .NET Framework version applicability, to ensure that you only install updates on systems where they apply.

The following table is for Windows 10 and Windows Server 2016+ versions.

Product Version Cumulative Update
Windows 11
.NET Framework 3.5, 4.8 Catalog 5012121
Microsoft server operating systems version 21H2
.NET Framework 3.5, 4.8 Catalog 5012123
Windows 10 21H2
.NET Framework 3.5, 4.8 Catalog 5012117
Windows 10 21H1
.NET Framework 3.5, 4.8 Catalog 5012117
Windows 10, version 20H2 and Windows Server, version 20H2
.NET Framework 3.5, 4.8 Catalog 5012117
Windows 10 1909
.NET Framework 3.5, 4.8 Catalog 5012120
Windows 10 1809 (October 2018 Update) and Windows Server 2019 5012328
.NET Framework 3.5, 4.7.2 Catalog 5012128
.NET Framework 3.5, 4.8 Catalog 5012119
Windows 10 1607 (Anniversary Update) and Windows Server 2016
.NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5012596
.NET Framework 4.8 Catalog 5012118
Windows 10 1507
.NET Framework 3.5, 4.6, 4.6.1, 4.6.2 Catalog 5012653

The following table is for earlier Windows and Windows Server versions.

Product Version Security and Quality Rollup Security Only Update
Windows 8.1, Windows RT 8.1 and Windows Server 2012 R2 5012331 5012326
.NET Framework 3.5 Catalog 5012139 Catalog 5012152
.NET Framework 4.5.2 Catalog 5012142 Catalog 5012155
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5012130 Catalog 5012147
.NET Framework 4.8 Catalog 5012124 Catalog 5012144
Windows Server 2012 5012330 5012325
.NET Framework 3.5 Catalog 5012136 Catalog 5012149
.NET Framework 4.5.2 Catalog 5012140 Catalog 5012153
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5012129 Catalog 5012146
.NET Framework 4.8 Catalog 5012122 Catalog 5012143
Windows 7 SP1 and Windows Server 2008 R2 SP1 5012329 5012324
.NET Framework 3.5.1 Catalog 5012138 Catalog 5012151
.NET Framework 4.5.2 Catalog 5012141 Catalog 5012154
.NET Framework 4.6, 4.6.1, 4.6.2, 4.7, 4.7.1, 4.7.2 Catalog 5012131 Catalog 5012148
.NET Framework 4.8 Catalog 5012125 Catalog 5012145
Windows Server 2008 5012332 5012327
.NET Framework 2.0, 3.0 Catalog 5012137 Catalog 5012150
.NET Framework 4.5.2 Catalog 5012141 Catalog 5012154
.NET Framework 4.6 Catalog 5012131 Catalog 5012148

 

Previous Monthly Rollups

The last few .NET Framework Monthly updates are listed below for your convenience:

0 comments

Leave a comment